Vulnerability CVE-2011-5147


Published: 2012-08-31   Modified: 2012-09-01

Description:
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Freewebshop -> Freewebshop 

 References:
http://www.osvdb.org/77162
http://www.freewebshop.org/forum/index.php?topic=5235.0
http://www.exploit-db.com/exploits/18121

Copyright 2024, cxsecurity.com

 

Back to Top